Tuesday, March 29, 2016

Three years ago to the day, Apple added in two-step verification to help improve user security. The verification method relied on the user having another device readily available to help authenticate a sign-in. As of today, Apple has taken that security further by now offering two-factor authentication to all users running iOS 9 and OS X El Capitan.

Both methods strive to increase a user’s foothold in security practices, but both go about doing so in very different ways. Luckily, Apple has chosen to make sure that the end user experience is phenomenal no matter what method they choose.

Getting started, or switching to the new two-factor authentication is not without it’s questions. Let’s dive in and resolve them.

Why switch to two-factor authentication?

Two-factor authentication, also known as 2FA, is a method of authentication relying on two different components. In the Apple ID example we’ll be reviewing, that would be the Apple ID’s password, and a secondary device that has already been authenticated.

This secondary device would receive a one time use code whenever a new authentication is requested.

On the surface, this seems very similar to Apple’s two-step verification that is already in place. Except, this new 2FA implementation requires that each new device attempting to authenticate with an Apple ID must be approved from another device. In Apple’s previous two-step verification, a user could simply type in the Apple ID password and be authenticated. The only area two-step verification seemed to consistently come into play for me was when signing onto the Apple ID website.

Switching to Apple’s new two-factor authentication method ensures that if an Apple ID’s credentials were ever stolen, they wouldn’t be automatically authenticated onto a new (or previously wiped) device. The new two-factor authentication presents the verification code on devices in a different manner. During the two-step verification process, a user would simply get an alert dialog indicating someone requested the verification code. With two-factor authentication, the alert dialog presents a small map of the authentication request’s approximate location for approval before showing the verification code.Before Getting Started

Apple explains that while all iCloud users can enable two-factor authentication today, at least one of their devices needs to be running iOS 9 or OS X El Capitan.

To enable two-factor authentication on your Apple ID account, we will have to turn off two-step verification if it is currently enabled. First head to the Apple ID website, and sign in. Once on the site, we will need to select ‘Edit’ in the ‘Security’ section so that we may disable two-step verification.

Select ‘Turn Off Two-Step Verification’ under the ‘Two-Step Verification’ section. In the process of disabling it, the site will then walk you through creating three security questions for your account. While this may be annoying, it’s a necessary step in helping secure the account in case a password is forgotten.

Tip: Use a third-party password manager like 1Password on iOS or the Mac to generate three random pass-phrases as the answers to your security questions. This ensures that someone won’t be able to easily guess your password. Also, if you ever end up having to call Apple Support, you will be able to dictate your security answers easily.

Once two-step verification has been turned off, we’ll move to iOS to enable two-factor authentication. Let’s head to Settings > iCloud > and then select your Apple ID up at the top. iOS should request you to enter your iCloud password before proceeding.

Once in, select ‘Password & Security’ and then ‘Set Up Two-Factor Authentication…’ at the bottom of the view. iOS will now walk you through creating this extra layer of security. If any of your devices have not yet been updated to the latest recommended requirements, you may get a prompt like I did indicating such.

That’s it! You’ve now successfully enabled two-factor authentication on your iOS and Mac devices. Now, whenever a new device attempts to authenticate with your Apple ID, your trusted devices will be alerted with an alert dialog indicating the location the request is coming from and the verification code necessary to authenticate.

Further reading on Apple’s usage of two-factor authentication is available in the links below: